Sixty-three percent of people believe that it is acceptable for their government to spy on another country’s computer systems
Nearly two thirds of computer users globally believe that it is acceptable for their country to spy on other nations by hacking or installing malware, according to Sophos’s mid-year 2010 Security Threat Report, with 23 percent claiming to support this action even during peace time.
One in 14 respondents to the survey claimed to believe that crippling denial of service (DDoS) attacks against another country’s communication or financial websites – like the one used to target Russian banks earlier this year – are acceptable during peace time. Nearly half said such an attack was only acceptable when two countries were at war, and 44 percent said it was never acceptable.
“I think there might be an attitude of all’s fair in love and war,” said Graham Cluley, senior technology consultant at Sophos, speaking to eWEEK Europe. “There’s always been one rule for your country and another rule for your citizens.
“But it goes one stage further when you begin to ask, is it all right to launch attacks against communication systems and financial systems?” he added. “You can image the chaos that would ensue if there were organised denial of service attacks on a regular basis, purely to give your country an economic advantage.”
All’s fair in love and war
Cluley believes the attitudes of respondents are largely down to an ingrained cynicism about the role of governments in war. Governments have always spied on each other, and “used every dirty trick in the book” to do so, said Cluley. “Why wouldn’t they use the Internet to do this as well? If it’s your country’s interests at heart, and if they’re protecting your country, then you might think, ‘I don’t really care what they do’.”
Perhaps more surprisingly, 32 percent of respondents to Sophos’s survey said that countries should also be allowed to plant malware and hack into private foreign companies in order to spy for economic advantage.
“It’s kind of curious, because these are the people that have got no time for hackers and the bad guys at all, but seem to think it’s all right for countries to do this,” said Cluley. “I think they need to remember that, one day, it might be a country attacking your company’s network, and trying to infiltrate it, and how are you going to feel about it then?”
The Security Threat Report also found that the US is still has the majority (42.29 percent) of malware-hosting websites. These are websites that have been set up with the intention of infecting visitors, or legitimate websites that have been compromised by hackers. The UK was sixth on the list, with 2.41 percent hosted in this country.
According to Cluley, many of these websites are legitimate ones that have been targeted by hackers. “Businesses could end up infecting their customers, leaving them open to fraud,” he warned. Some hackers also use aggressive search engine optimisation techniques to push infected websites to the top of search results.
This news could be of particular concern, in light of the fact that the UK government recently axed plans for an increase in funding to the Metropolitan Police’s cyber crime unit. With online fraud and other electronic crimes becoming increasingly commonplace, the Police Central e-crime Unit had been hoping for extra funding from the Home Office for training and equipment purposes. However the extra funding was cut as part of the coalition government’s £6 billion deficit reduction plans.
“There is concern that at the moment the cyber crime authorities are pretty pitifully funded for the level of crime that is going on,” said Cluley. “I think the one thing we can be sure of is that the cyber criminals aren’t cutting their investment in this kind of crime. We are seeing more attacks than ever before. We see 60,000 pieces of new malware every single day, which is simply staggering, but that’s the level of crime that we’re seeing. So companies need to keep on top of this problem.”